SpamSnake with a 2nd mail server. How to redirect SMTP connections

I have 2 mail servers, the great SpamSnake and the main mail server.
After implementing SpamSnake, I changed the DNS MX records so that SpamSnake is the first MX record and the main mail server the 2nd, to make SpamSnake behave like a gateway.

I don't know why, but I still (after 72 hrs of DNS propagation) receive emails directly on the main server, instead of them all passing through SpamSnake.

I would like to know if there is any possibility to "redirect" all the external SMTP connections from the main mail server to SpamSnake, and then SpamSnake knows that it has to relay the processed mail to the main mail server.

Sounds like a good solution, but I have a problem that doesn't allow me to use it.

SpamSnake is just the gateway machine that filters and cleans the email at the "front door", and the back mail server (the main one) is where users have their mailboxes and where users connect to send (SMTP authentication) and receive email.

Due to this, I could do as you suggested and redirect the traffic accordingly, but the problem is that I have external users that need to connect to the back main mail server, not only the foreign MTAs that deliver mail to my domain.

I forwarded port 25 in my router to test and it's OK, but I don't know how to solve the problem of external people sending emails normally.

Following your email, I found 1 big problem in my SpamSnake.
I can use a fake user through a LAN connection, and even through a WAN connection, connect to SpamSnake and send emails to my domain.
I mean: fakeuser@mydomain.com can send emails to an existing one, e.g. existinguser@mydomain.com

You should be able to send emails to valid users, that's the normal operation, even if you're sending it as a non-existing user. Postfix will catch the mail and relay it if the user exists on your MTA or in your relay_recipient file.

It will even allow emails sent from a valid user to another valid user. If this email is indeed a spam, MailScanner will pick up on it and tag it appropriately.

It will not allow you to send a test email from any domain to another domain outside of the ones you're relaying for. You should get relay access denied when trying this.

Well since Postfix was designed to work the way you described, the operation would be deemed normal.

As for SASL, I really don't think that's necessary. The SpamSnake is just a gateway that doesn't store the emails. It doesn't allow webmail access and doesn't have real users created. If you've implemented the firewall, at the end of the guide, you're already very secure.

My system has been up and running for the longest while without any failures or security breaches. The SpamSnake was built with security in mind and thus, you shouldn't have to implement any other features as it's already very protected.

Don't forget, you have to train your MailScanner via MailWatch. This will improve the accuracy of the spam engine.
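Added example, not part of the thread and not SpamSnake's own code: a small audit of a gateway's Postfix settings for the relay behaviour discussed above (mail accepted only for relayed domains and listed recipients, everything else refused with "relay access denied"). It assumes the input is `postconf` output with defaults visible; the sample values and file path are constructed.

```python
import re

# Constructed excerpt of `postconf` output for a filtering gateway (not from the thread).
SAMPLE = """\
mynetworks = 127.0.0.0/8 192.168.1.0/24
relay_domains = mydomain.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
"""

GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

def parse_postconf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    conf, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            conf[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            conf[last] = value.strip()
    return conf

def tokens(conf, name):
    return [t for t in re.split(r"[,\s]+", conf.get(name, "")) if t]

def blocks_open_relay(conf, name):
    """True if the list reaches a *_unauth_destination guard before a bare 'permit'."""
    for tok in tokens(conf, name):
        if tok == "permit":
            return False
        if tok in GUARDS:
            return True
    return False

def audit_gateway(conf):
    findings = []
    if not any(blocks_open_relay(conf, n) for n in
               ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")):
        findings.append("relay check missing or bypassed: reject_unauth_destination not reached")
    if not tokens(conf, "relay_recipient_maps"):
        findings.append("relay_recipient_maps empty: any recipient in relay_domains is accepted")
    for net in tokens(conf, "mynetworks"):
        if net.endswith("/0"):
            findings.append(f"mynetworks trusts {net}: permit_mynetworks lets every client relay")
    return findings

if __name__ == "__main__":
    print(audit_gateway(parse_postconf(SAMPLE)) or "no findings")
```

A forged sender on a message to a valid local recipient is not flagged by any of these checks; as the replies say, that is normal SMTP behaviour and is left to the content filter.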